Caddy reverse proxy with automatic lets encrypt.

elico · December 2, 2023, 9:37am

Has anyone tried Caddy reverse proxy with automatic lets encrypt to run ontop of RouterOS container?
It can be pretty nice.
The only issue is the configuration and process management.
A simple port 443 and port 80 port forwarding into the container is a must.
Then the configuration should be auto generated somehow in case you have more than one domain.

I was thinking about caddy api to configure but I don’t have much time for this now.

Any suggestions?
A Caddyfile can be:

{
        email address@example.com
}

https://sn.example.org {
        reverse_proxy https://172.17.0.1:443 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

https://dom1.example.org {
        reverse_proxy https://172.17.0.1:443 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

https://dom2.example.org {
        reverse_proxy https://172.17.0.1:443 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

https://dom1.example.com {
        reverse_proxy https://172.17.0.1:443 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

vovan700i · December 4, 2023, 8:11am

I use Caddy with automatic LE certificates running on top of RouterOS in container, it works like a charm.

In fact, the only thing I needed for certificates to work is the following lines in config (inside each domain section or separately with imports followed):

tls {
    dns cloudflare MY_TOKEN
}

Be advised, a stock Caddy doesn’t include any DNS verification plugins (Cloudflare, Route53, etc.), thus I use my own build with the plugins I need included. In case you use HTTP verification instead, you should probably refer to Caddy documentation for details/examples.

nickvacula · December 14, 2023, 8:54pm

I’m too using Caddy with Let’s Encrypt on top of ROS but with Godaddy plugin, not Cloudflare, also custom build, similar to what @vovan700i described above. Work like a charm and I like it!

Note, if you use DNS verification plugin here, your Godaddy API token has a secret and a key, you just specify them both via semicolon:

tls {
	dns godaddy YOUR_GODADDY_SECRET:YOUR_GODADDY_KEY
}